这个问题已经以各种排列方式提出,但是我还没有找到正确的组合来回答我的特定问题。 配置
我已经添加了 force_ssl 到我的ApplicationController,如下所示:
#file:controllers / application_controller.rb class ApplicationController< ActionController :: Base protect_from_forgery force_ssl end问题
目前,如果用户导航到 example ,则force_ssl会切换到SSL,但自它不是 secure.example ,它显示了一个有关未经验证的安全证书的警告,因为它使用默认的Heroku证书。
(我已验证,导航到 secure.example 正确重定向到 https://secure.example。 )
问题并使用适当的安全证书。 >如何强制 www.example/anything 和 example/anything 重定向到 secure.example/anything ? (我假设force_ssl将处理从http到https的切换。)由于我无法触及中间件(回想起这是Heroku托管),我假设我可以这样做:
#file:controllers / application_controller.rb class ApplicationController< ActionController :: Base protect_from_forgery force_ssl before_filter:force_secure_subdomain $ b private b $ b def force_secure_subdomain redirect_to(something ...)除非请求。 SSL? 结束结束...但是我没有充分地获取redirect_to和请求对象知道要为写些什么...... 。 (我想确保它能处理查询参数等)。 通过执行以下操作,您可以重定向到不同的主机名以下内容:
#file:controllers / application_controller.rb class ApplicationController< ActionController :: Base force_ssl:host => secure.example end请参阅: rails force_ssl来源了解更多信息
This question has been asked in various permutations, but I haven't found the right combination that answers my particular question.
The configuration- Rails 3.1 (allowing me to use force_ssl in my ApplicationController)
- Hosted on Heroku Cedar (so I can't touch the middleware)
- My SSL certs are registered for secure.example
I've already added force_ssl to my ApplicationController, like this:
# file: controllers/application_controller.rb class ApplicationController < ActionController::Base protect_from_forgery force_ssl endThe problem
Currently, if a user navigates to example, force_ssl switches to SSL, but since it's NOT secure.example, it presents a warning about an unverified security cert because it's using the default Heroku cert.
(I've verified that navigating to secure.example properly redirects to secure.example and uses the proper security cert. That's good.)
The questionHow do I force www.example/anything and example/anything to redirect to secure.example/anything? (I'm assuming that force_ssl will handle the switch from http to https.) Since I cannot touch the middleware (recall that this is Heroku hosting), I assume I can do something like:
# file: controllers/application_controller.rb class ApplicationController < ActionController::Base protect_from_forgery force_ssl before_filter :force_secure_subdomain private def force_secure_subdomain redirect_to(something...) unless request.ssl? end end... but I haven't sufficiently grokked redirect_to and the request object to know what to write for something.... (I want to be sure that it handles query params, etc.)
解决方案you can redirect to a different hostname by doing the following:
# file: controllers/application_controller.rb class ApplicationController < ActionController::Base force_ssl :host => "secure.example" endsee: rails force_ssl source for more info
更多推荐
从http://example.com重定向到https://example.mysite.com
发布评论